
Clarification on Active Directory Integration

billychanjy
New Contributor II

Hello everyone, I would like to seek clarification for our client regarding the following questions.

For Password Synchronization Agent - AD Integration,
Q1. What ports are used by the agent itself?

Q2. What encryption mechanism is used for the password during the synchronization process between AD and EIC?

Q3. What data would the agent retrieve or update in AD? As our client's security team would like to know whether the agent is safe for deployment.

Q4. Is it necessary to install Password Synchronization Agent if we are only going to update password one-way from EIC to AD, but not AD to EIC?

 

Furthermore, we would like to get confirmation whether the AD Connector is capable of assigning users into AD Groups.

Thanks for any insights in advance.


rushikeshvartak
All-Star

For Password Synchronization Agent - AD Integration,
Q1. What ports are used by the agent itself?

  • HTTPS Ports (443): If it communicates with an EIC instance over REST APIs.

Q2. What encryption mechanism is used for the password during the synchronization process between AD and EIC?

 

  • Passwords are encrypted in transit using TLS/SSL encryption if LDAPS is enabled (Port 636).
  • Additionally, the AES-256 encryption mechanism is commonly used for protecting passwords within EIC or through API calls to secure sensitive data.

 

Q3. What data would the agent retrieve or update in AD? As our client's security team would like to know whether the agent is safe for deployment.

  • The Password Synchronization Agent primarily performs the following operations:
    1. Update passwords in AD to keep them in sync with EIC.
    2. It can retrieve user status and account details (like UserPrincipalName, samAccountName, or AccountStatus) for reconciliation.

 

Q4. Is it necessary to install Password Synchronization Agent if we are only going to update password one-way from EIC to AD, but not AD to EIC?

  • No, the Password Synchronization Agent is typically used when you need bi-directional synchronization (AD ↔ EIC).
  • If your use case only requires one-way password updates from EIC to AD, you can configure the AD Connector directly for this without needing the Password Synchronization Agent.

https://docs.saviyntcloud.com/bundle/EIC-Admin-v24x/page/Content/Chapter14-Password-Management/Confi...


Regards,
Rushikesh Vartak

Thanks for the reply,

Another question I would like to ask is whether the AD Connector is capable of assigning users into AD Groups?

Yes, it is: https://docs.saviyntcloud.com/bundle/AD-v24x/page/Content/Active-Directory-Use-Cases-v2022x.htm


Regards,
Rushikesh Vartak